From d35c79a419f49277fd4b7e55e69c16607b7a8a65 Mon Sep 17 00:00:00 2001
From: Robert Scott
Date: Wed, 8 Dec 2021 00:12:46 +0000
Subject: [PATCH] gmp: add patch for CVE-2021-43618
---
 .../libraries/gmp/6.2.1-CVE-2021-43618.patch | 19 +++++++++++++++++++
 pkgs/development/libraries/gmp/6.x.nix | 2 ++
 2 files changed, 21 insertions(+)
 create mode 100644 pkgs/development/libraries/gmp/6.2.1-CVE-2021-43618.patch
diff --git a/pkgs/development/libraries/gmp/6.2.1-CVE-2021-43618.patch b/pkgs/development/libraries/gmp/6.2.1-CVE-2021-43618.patch
new file mode 100644
index 000000000000..eec8206dba05
--- /dev/null
+++ b/pkgs/development/libraries/gmp/6.2.1-CVE-2021-43618.patch
@@ -0,0 +1,19 @@
+https://gmplib.org/repo/gmp-6.2/raw-rev/561a9c25298e
+
+diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
+--- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100
++++ b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200
+@@ -88,8 +88,11 @@
+
+ abs_csize = ABS (csize);
+
++ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++ return 0; /* Bit size overflows */
++
+ /* round up to a multiple of limbs */
+- abs_xsize = BITS_TO_LIMBS (abs_csize*8);
++ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+
+ if (abs_xsize != 0)
+ {
+
diff --git a/pkgs/development/libraries/gmp/6.x.nix b/pkgs/development/libraries/gmp/6.x.nix
index 59bc98aa559f..9093073cecff 100644
--- a/pkgs/development/libraries/gmp/6.x.nix
+++ b/pkgs/development/libraries/gmp/6.x.nix
@@ -20,6 +20,8 @@ let self = stdenv.mkDerivation rec {
 sha256 = "0z2ddfiwgi0xbf65z4fg4hqqzlhv0cc6hdcswf3c6n21xdmk5sga";
 };
 
+ patches = [ ./6.2.1-CVE-2021-43618.patch ];
+
 #outputs TODO: split $cxx due to libstdc++ dependency
 # maybe let ghc use a version with *.so shared with rest of nixpkgs and *.a added
 # - see #5855 for related discussion
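Review bot: The guard added before `BITS_TO_LIMBS` in mpz/inp_raw.c rejects only a size whose bit count would overflow `mp_bitcnt_t`; every smaller `abs_csize` still flows into `abs_xsize` and, presumably, into the allocation and read inside the `if (abs_xsize != 0)` block, which continues outside this hunk. The overflow is closed, but assuming `csize` comes from the input stream, as the file name suggests, that size field still decides how much memory is requested. Code that reads untrusted data through this function therefore needs its own length limit. Because the file is a verbatim upstream patch, I would record this in its free-text header rather than in the C code, e.g. a second line under the URL: `Rejects bit-count overflow only; bounding the input size remains the caller's job.`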
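Review bot: The new `patches` line in 6.x.nix carries no comment saying what it fixes or when it can be dropped, and the file name suggests the expression is reused for later 6.x releases. I would add `# CVE-2021-43618, upstream rev 561a9c25298e; drop once the packaged release contains it` directly above it. If the patch is vendored in-tree rather than fetched because gmp is built before fetchers such as fetchpatch are available, say so in the same comment so nobody converts it later. The `mkDerivation` body starts and ends outside this hunk.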